Static Analysis

Subscribe to Static Analysis: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Static Analysis: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories

.NET languages are becoming increasingly popular for driving the application logic for business-critical SOA and Web applications. In these contexts, functional errors are simply not acceptable, and reliability, security, and performance problems can have serious repercussions. Yet, few development teams have the resources to ensure that their code is free of implementation errors, let alone also worry about reliability, security, and performance. Whether or not your team has a satisfactory strategy for functional testing, you're taking several significant risks if you haven't yet implemented a comprehensive team-wide quality-management strategy: New code might cause the application to become unstable, produce unexpected results, or even crash when the application is used in a way that you didn't anticipate (and didn't test for). New code might open the only door tha... (more)

SOA World - Exclusive Q&A with Dr Adam Kolawa, Co-founder & CEO of Parasoft

“Developers need to realize that Automated Defect Prevention benefits them," says Parasoft co-founder & CEO Dr Adam Kolawa in this Exclusive Q&A with SYS-CON Media's Java Developer's Journal. "But they won’t start recognizing this until they see that they have less work," Kolawa continues. The key to success, he adds, is to have an infrastructure handle as much work as possible. "This way, developers have time to focus on the creative tasks they enjoy most...the ones that truly require human intelligence." View Dr Kolawa on SYS-CON.TV Read Dr Kolawa's Articles “Developers need to realize that [ADP] benefits them. But they won’t start recognizing this until they see that they have less work.” -- Dr Adam Kolawa, Co-Founder & CEO of Parasoft Dr Adam Kolawa is the coauthor of the recently published Automated Defect Prevention: Best Practices in Software Management (Wiley... (more)

Software Engineering and Code Quality Goals You Should Nail Before 2018

When applications crash due to a code quality issues, the common question is, "How could those experts have missed that?" The problem is, most people imagine software development as a room full of developers, keyboards clacking away with green, Matrix-esque code filling up the screen as they try and perfect the newest ground-breaking feature. However, in reality most of the work developers actually do is maintenance work fixing the bugs found in the production code to ensure a higher level of code quality. Not only does this severely reduce the amount of business value IT can bring to the table, it also exponentially increases the cost in developing and maintaining quality applications. And even though the IT industry has seen this rise in cost happening for years, they've done little to stem the rising tide. The time has come to draw a line in the sand. Capers Jone... (more)

Product Review: Jtest 4.0

ParaSoft 2031 S. Myrtle Ave. Monrovia, CA 91016 888 305-0041 www.parasoft.com Test Environment: Toshiba Satellite Pro 4600, 866 MHz Intel Pentium III processor, 20GB disk, 256MB RAM, Windows 2000 w/Service Pack 2 Specifications: Platforms: Windows NT/2000/98/ME, Linux, Solaris Pricing: $3,495/developer New-car buyers often fear that they're getting a "Friday afternoon" vehicle - a car built by the last shift at the end of a tough week. Manufacturers have spent an untold number of man-years trying to prevent such defects. As developers you face the same problem: no matter how carefully you work, you'll inevitably make mistakes. The quality assurance department within your organization should be able to catch your mistakes before they make it into production, but they're the last line of defense. Ideally, you'll want to test your code before it makes its way over to the QA ... (more)

Parasoft Jtest Integrates with Borland JBuilder 7.0 to Speed Application Development

(August 20, 2002) --Parasoft has recently announced the integration of Jtest, an automated unit testing tool for Java, with JBuilder 7.0?, the market leading Java development environment from Borland® Software Corporation. This allows JBuilder users to perform automated unit testing on their Java classes, reduce development time, and improve software quality. Jtest is the first development tool of its type to automate key unit testing practices such as white-box, black-box, and regression testing. It also performs static analysis to enforce over 300 industry-respected coding standards as well as user defined ones. As many businesses struggle to cut costs and keep up with changing technologies, IT managers and development teams face rising pressure to dramatically improve software quality and speed up production. Unit testing is one proven method of reducing softwar... (more)

Automated Error Prevention for Linux

Most organizations that use Linux as a business operating system are developing their own applications for Linux - perhaps in response to the current scarcity of packaged applications available on Linux. With so much internal development for Linux, it is critical that the IT groups building your Linux-based applications have a means to efficiently produce reliable code. If they don't, you will jeopardize the very reliability and cost-effectiveness that most organizations are trying to achieve by turning to Linux. However, most development teams follow a development process that is far from efficient, and the applications they provide typically experience functionality problems and security weaknesses that require patches, updates, and redeployments. In fact, most IT organizations waste a great deal of their time, effort, and resources fixing what is essentially the... (more)

How Good Is Good Enough?

Intellectually everyone understands that improving code quality is a good thing. After all, we know bad quality when we see it. (Anyone old enough can cast his or her mind back to the late '80s and Microsoft Word for Windows 1.0.) But we also know that there comes a point where there's a diminishing return on our investment in code quality. How much work would you put into tracking down a bug that's only ever been reported once by a user running on OS/2 Warp? The problem with code quality initiatives is that we really don't know how much effort to put into them. We have never truly answered the question: how much quality is enough? Why Code Quality Is Important The Standish Group famously reports on the software industry's inability to deliver successful projects on a regular basis. In 2004, it reported that just 29% of software projects were considered a "success."... (more)

Flow Analysis: Static Analysis on Steroids

There are three main types of software bugs: • Poorly implemented requirements - The software doesn't operate as expected because the functionality defined in the requirements was implemented incorrectly. • Missing or incomplete requirements - The software doesn't perform necessary operations or handle feasible scenarios because the stakeholders/designers didn't anticipate the need for such functionality and didn't specify requirements for it, or because the developers failed to implement a specified requirement. • Confused user - The software was designed in a way that lets confused users take unexpected paths. Building a robust regression suite is the best way to identify poorly implemented requirements, and performing negative testing is the best way to identify confused user errors. However, finding missing requirements is difficult because it's no... (more)

Static Analysis & Development Testing for Embedded Devices

By Jason Schadewald, Product Manager at Parasoft You know those conversations that you have more times than you can count? Well, I recently had one of those at Design West with a very bright software engineer. This poor guy had a number of experiences with static analysis tools that left him with the “compiler warning equivalence” impression. If your static analysis experience is largely with freeware and your training is limited to Internet forums, then I certainly understand how that impression can form. On top of that, he said that the static analysis tools he tried reported “over 20,000 messages.” It’s easy to see why he and many developers like him would find the effort insurmountable. What we’re dealing with here is a question of validity and quantity of results, and a mature Development Testing platform will help you manage both with minimal human interventio... (more)

Code Quality as a Service

As the product manager for CAST Highlight, it's refreshing to see a shift in discussions about the "quality of cloud solutions" to "cloud quality solutions." Recently, there have been an increasing number of cloud-based static code quality analysis tools, or should I say services. A few that I've been watching include: Code Climate consolidates the results from a suite of Ruby static analysis tools into a real-time report, giving teams the information they need to identify hotspots, evaluate new approaches, and improve code quality. Codeq imports your Git repositories into a Datomic database, and then performs language-aware code quality analysis. By doing so, Codeq allows you to: track changes at the program unit level (e.g. function and method definitions); query your programs and libraries declaratively, with the same cognitive units and names you use while prog... (more)

LDRA and Logicircuit Cosponsor National FAA Certification Conference

LDRA, the leader in DO-178C standards compliance, automated software verification, source code analysis and test tools, and Logicircuit, a leading DO-254/178C services and IP company, today announced their cosponsorship of the National Systems, Software, and Airborne Electronic Hardware Conference. This year’s conference, which will be held in Los Angeles, CA on September 23-25, 2014, brings industry members and regulators together to discuss recent significant changes to policy and practice in aircraft systems, software, and hardware. Significant Changes in Avionics Policy Demands Discussion Between Regulators and Industry Over the last few years, avionics regulators overhauled many of the regulatory guidelines to clarify policy and to ensure best practice software and hardware techniques developed in the last decade could be applied to the management and product... (more)